NSA "Q GROUP" THE MOTHERLODE (PART 1)

Q: Associate Directorate for Security and Counterintelligence (ADS&CI)

Q0: Staff

Q05: Security Operations Center (SOC)

Q07: NSA Counterintelligence Center (NSACC)

Q09: Security Support Staff

Q1: Office of Physical Security

Q123: ?

Q2: Office of Personnel Security

Q223: Counterintelligence Awareness

Q3: Investigations Division

Q31: ?

Q311: Counterintelligence Investigations

Q312: Compromise Investigations Branch

Q5: Office of Security

Q509: Security Policy Staff

Q51: Physical Security Division

Q52: Field Security Division

Q55: NSA CCAO

Q56: Security Awareness

Q57: Polygraph

Q7: Counterintelligence

QJ: Joint Program Security Office

SOURCE: https://electrospaces.blogspot.com/2014/01/nsas-organizational-designations.html

So far, the following classified documents have been disclosed WITHOUT having been attributed to Snowden:

2013:

• Chancellor Merkel tasking record

• TAO's ANT product catalog

2014:

• XKEYSCORE rules: TOR and TAILS

• NCTC watchlisting guidance

• NCTC terrorist watchlist report

2015:

• XKEYSCORE rules: New Zealand

• Ramstein AFB supporting drone operations

• NSA tasking & reporting: France

• NSA tasking & reporting: Germany

• NSA tasking & reporting: Brazil

• NSA tasking & reporting: Japan

• Chinese cyber espionage against the US

• XKEYSCORE agreement between NSA, BND and BfV

• The Drone Papers

• Cellphone surveillance catalogue

2016:

• US military documents: Iraq and Afghanistan

• NSA tasking & reporting: EU, Italy, UN

• TAO hacking tools (The Shadow Brokers)

• FBI & CBP border intelligence gathering

• TAO IP addresses and domain names

2017:

• TAO Windows files

• CIA hacking tools (Vault 7)

• TAO Solaris exploits

• TAO Windows exploits + SWIFT files

• CIA specific hacking projects (Vault 7)

• NSA report about Russian hacking

• TAO UNITEDRAKE Manual

• CIA source code (Vault 8)

"Update:

So far, the last publication that can be attributed to the Second Source were the NSA tasking & reporting files in February 2016. Then in August of that year, someone or a group who called themselves The Shadow Brokers, started a series of leaks, mainly of TAO hacking tools. They are published without an intermediary like media outlets or Wikileaks (although already in August 2016, Wikileaks claimed to have its own copy of the Shadow Brokers files, but never released them).

The Shadow Brokers leaks undermine NSA operations in a similar way as those of the Second Source, so it's vey well possible that the same person is behind both series of leaks. Also interesting is that the latest timestamp found in the Shadow Brokers files is October 18, 2013, which is around the same time the first leak from the Second Source came out."

MOAR UPDATES WITH LINKS AT SOURCE:

Source nr. 1 (Edward J. Snowden)

• Thousands of documents about NSA and the 5 Eyes

Source nr. 2 (NSA insider and/or hostile intelligence?)

• Chancellor Merkel tasking record

• TAO's ANT product catalog

• XKEYSCORE rules: TOR and TAILS

• XKEYSCORE rules: New Zealand

• NSA tasking & reporting: France, Germany, Brazil, Japan

• XKEYSCORE agreement between NSA, BND and BfV

• NSA tasking & reporting: EU, Italy, UN

Source nr. 3 (someone from US military intelligence?)

• NCTC watchlisting guidance

• NCTC terrorist watchlist report

• Ramstein AFB supporting drone operations

• The Drone Papers

• Cellphone surveillance catalogue

• FBI & CBP border intelligence gathering

Source nr. 4 (on behalf of the US government?)

• Chinese cyber espionage

Source nr. 5 (low-level military person)

• US military documents: Iraq and Afghanistan

Source nr. 6 ("The Shadow Brokers")

• TAO hacking tools

• TAO IP addresses and domain names

• TAO Windows files

• TAO Solaris exploits

• TAO Windows exploits + SWIFT files

• TAO UNITEDRAKE Manual

Source nr. 7 (Joshua A. Schulte)

• CIA hacking tools (Vault 7)

• CIA specific hacking projects (Vault 7)

• CIA source code (Vault 8)

Source nr. 8 (Reality L. Winner)

• NSA report about Russian hacking

EACH DOCUMENT LINKED AT SOURCE: https://electrospaces.blogspot.com/2015/12/leaked-documents-that-were-not.html

NSA "Q GROUP" THE MOTHERLODE (PART 2)

UPDATES:

On October 6, 2016, The New York Times reported that on August 27, 2016, the FBI arrested 51-year old Harold T. Martin III, who worked at NSA as a contractor for Booz Allen Hamilton. He was described as a hoarder and on February 8, 2017 he was only indicted on charges of stealing and retaining the largest heist of classified information in US history: from the 1990s until 2016, he took documents from US Cyber Command, CIA, National Reconnaissance Office (NRO) and NSA. Martin was not accused of passing information to foreigners, nor of being the source for the Shadow Brokers publications.

> See also: With NSA contractor Martin arrested, other leakers may still be at large

On November 19, 2016, it was reported by the Washington Post that there had been yet another, previously undisclosed breach of cybertools, which was discovered in the summer of 2015. This was also carried out by a TAO employee, who had also been arrested, but his case was not made public. An official said that it is not believed that this individual shared the material with another country.

In October 2017, the Wall Street Journal and the Washington Post revealed that this anonymous TAO employee had taken hacking tools home to work on it on his private laptop, which ran Kaspersky antivirus software. This program detected the hacking files after which Russian hackers targeted his laptop. The TAO employee was removed from his job in 2015, but was not thought to have taken the files to provide them to a foreign spy agency.

From the court documents, we learn that this TAO employee is 67-year old Nghia H. Pho from Ellicott City, Maryland, who was born in Vietnam and naturalized as a US citizen. From 2006 to 2016, he worked as a software developer at NSA's TAO division, and from 2010 till March 2015, he took classified documents home, both digital and hard copy.

On April 20, 2017, CBS News reported that CIA and FBI started a joint investigation into the leak of the CIA hacking tools that were published by Wikileaks under the name "Vault 7". Investigators are apparently looking for an insider, either a CIA employee or contractor, who had physical access to the material.

An updated overview of the Shadow Brokers story was published by the New York Times on November 12, 2017, saying that investigators were worried that one or more leakers may still be inside NSA and also that the small number of specialists who have worked both at TAO and at the CIA came in for particular attention, out of concern that a single leaker might be responsible for both the Shadow Brokers and the files published by Wikileaks as part of their Vault7 and Vault8 series (although the CIA files are more recent).

In May 2018 it was reported that in March 2017, two months after Wikileaks started publishing its Vault7 series, the FBI arrested Joshua Adam Schulte. From May 2010 until November 2016 he worked at the Directorate of Science & Technology (DS&T) of the CIA's National Clandestine Service (NCS), developing Windows and Linux tools to support clandestine operations. On June 18, 2018, Schulte was charged for stealing the hacking files and providing them to Wikileaks.

So, besides the various sources who stole classified material that was leaked to the public, there are at least the following leaks from which (so far, and as far as we know) no documents have been published:

Leak nr. 9 (Harold T. Martin III)

• Classified documents from multiple agencies

Leak nr. 10 (via Kaspersky AV from Nghia H. Pho's computer)

• TAO documents and hacking tools

SOURCE: https://electrospaces.blogspot.com/2015/12/leaked-documents-that-were-not.html#motives

>>5623100

>>5623171

They list their sources:

Links and Sources

• Politico: Exclusive: How a Russian firm helped catch an alleged NSA data thief (2019)

• The New York Times: Security Breach and Spilled Secrets Have Shaken the N.S.A. to Its Core (2017)

• Wired.com: The NSA Officially has a Rogue Contractor Problem (2017)

• Schneier.com: Who is Publishing NSA and CIA Secrets, and Why? (2017)

• ForeignPolicy.com: Trove of Stolen NSA Data Is ‘Devastating’ Loss for Intelligence Community (2017)

• LawfareBlog.com: Weaponized Wikileaks: Nick Reads Wikileaks So You Don't Have To (2015)

• Schneier.com: The US Intelligence Community has a Third Leaker (2014)

Also on Hacker News